authorStefan Metzmacher <metze@samba.org>2015-12-15 15:11:32 +0100
committerStefan Metzmacher <metze@samba.org>2016-04-12 19:25:23 +0200
commit2200d49cc6452e15a4429f5cb0aaa27eecd13243 (patch)
tree97883f878dff105fe1f091e5c865b7eab8d09ab4 /auth/gensec/schannel.c
parent0d641ee36ae2c2e47708587c5fc20eb1dc5d92d0 (diff)
CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
It doesn't make any sense to allow other auth levels. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'auth/gensec/schannel.c')
-rw-r--r--auth/gensec/schannel.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 9b28c45183c..be2e94e14d8 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -467,6 +467,16 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
*out = data_blob(NULL, 0);
+ if (gensec_security->dcerpc_auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+ switch (gensec_security->gensec_role) {
+ case GENSEC_CLIENT:
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ case GENSEC_SERVER:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
switch (gensec_security->gensec_role) {
case GENSEC_CLIENT:
if (state != NULL) {
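Review bot: The new guard at the top of schannel_update() refuses auth levels below DCERPC_AUTH_LEVEL_INTEGRITY with no comment and no log line, so an administrator who sees a failed bind cannot tell that the auth level was the cause. I would put a comment above the `if`, such as `/* schannel is only useful with signing or sealing; refuse lower auth levels (CVE-2016-2111) */`, and log the rejection before the inner switch, for example `DEBUG(1, ("schannel_update: rejecting dcerpc_auth_level %u\n", (unsigned)gensec_security->dcerpc_auth_level));`. The client and server branches return different codes (NT_STATUS_INVALID_PARAMETER_MIX and NT_STATUS_INVALID_PARAMETER) without explanation; a short comment should say whether callers are meant to tell them apart. The check also presumably depends on dcerpc_auth_level being set before the first update call, which should be confirmed for every caller of this mechanism. The body of schannel_update() continues outside the hunk.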